raspbernetes / k8s-security-policies

This repository offers a comprehensive library of security policies designed to enhance the security of Kubernetes cluster configurations. The policies are developed in accordance with the CIS Kubernetes benchmark.
https://raspbernetes.github.io/
Apache License 2.0

add kubesec policies into individual dirs #20

Closed xunholy closed 3 years ago

xunholy commented 3 years ago

Signed-off-by: Michael Fornaro <20387402+xUnholy@users.noreply.github.com>

Description

Keeping directory structure consistent with kubesec policies will make using tools like konstraint easier to consume.

Type Of Change

Issue Ref (Optional)

Which issue(s) this PR fixes (optional, using fixes #(, fixes #, ...) format, will close the issue(s) when the PR gets merged): Fixes #18

Notes

Thanks @mveitas for raising this issue.

github-actions[bot] commented 3 years ago

OPA Test Results

data.cis_1_2_1.test_violation: PASS (2.532903ms)
data.cis_1_2_1.test_violation_2: PASS (2.195289ms)
data.cis_1_2_1.test_no_violation: PASS (1.754172ms)
data.cis_1_2_1.test_no_violation_2: PASS (688.428µs)
data.cis_1_2_10.test_violation: PASS (2.242491ms)
data.cis_1_2_10.test_no_violation: PASS (3.089325ms)
data.cis_1_2_10.test_no_violation_02: PASS (3.549145ms)
data.cis_1_2_11.test_violation: PASS (4.614987ms)
data.cis_1_2_11.test_no_violation: PASS (1.72807ms)
data.cis_1_2_11.test_no_violation_2: PASS (1.464859ms)
data.cis_1_2_11.test_no_violation_3: PASS (688.828µs)
data.cis_1_2_12.test_violation: PASS (2.187889ms)
data.cis_1_2_12.test_no_violation: PASS (1.832075ms)
data.cis_1_2_12.test_no_violation_02: PASS (702.129µs)
data.cis_1_2_13.test_violation: PASS (2.413899ms)
data.cis_1_2_13.test_no_violation_02: PASS (1.746271ms)
data.cis_1_2_13.test_no_violation: PASS (1.22805ms)
data.cis_1_2_14.test_violation: PASS (4.65009ms)
data.cis_1_2_14.test_no_violation: PASS (1.584865ms)
data.cis_1_2_14.test_no_violation_02: PASS (671.927µs)
data.cis_1_2_15.test_violation: PASS (1.831274ms)
data.cis_1_2_15.test_no_violation: PASS (1.563464ms)
data.cis_1_2_15.test_no_violation_02: PASS (667.427µs)
data.cis_1_2_16.test_violation: PASS (2.69771ms)
data.cis_1_2_16.test_no_violation: PASS (1.796773ms)
data.cis_1_2_16.test_no_violation_02: PASS (691.628µs)
data.cis_1_2_17.test_violation: PASS (2.097886ms)
data.cis_1_2_17.test_no_violation: PASS (4.687091ms)
data.cis_1_2_17.test_no_violation_02: PASS (1.542663ms)
data.cis_1_2_18.test_violation: PASS (1.705569ms)
data.cis_1_2_18.test_no_violation: PASS (1.392157ms)
data.cis_1_2_18.test_no_violation_02: PASS (673.427µs)
data.cis_1_2_19.test_violation: PASS (2.4503ms)
data.cis_1_2_19.test_no_violation: PASS (1.771772ms)
data.cis_1_2_19.test_no_violation_02: PASS (669.927µs)
data.cis_1_2_2.test_violation: PASS (1.607565ms)
data.cis_1_2_2.test_no_violation: PASS (1.194549ms)
data.cis_1_2_2.test_no_violation_02: PASS (648.726µs)
data.cis_1_2_3.test_violation: PASS (1.576965ms)
data.cis_1_2_3.test_no_violation: PASS (3.030824ms)
data.cis_1_2_3.test_no_violation_02: PASS (1.95978ms)
data.cis_1_2_4.test_violation: PASS (3.526044ms)
data.cis_1_2_4.test_no_violation: PASS (1.398057ms)
data.cis_1_2_4.test_no_violation_02: PASS (1.593465ms)
data.cis_1_2_4.test_no_violation_03: PASS (667.227µs)
data.cis_1_2_5.test_violation: PASS (1.827375ms)
data.cis_1_2_5.test_violation_02: PASS (1.815274ms)
data.cis_1_2_5.test_violation_03: PASS (1.784572ms)
data.cis_1_2_5.test_no_violation: PASS (1.47696ms)
data.cis_1_2_5.test_no_violation_02: PASS (677.528µs)
data.cis_1_2_6.test_violation: PASS (1.560863ms)
data.cis_1_2_6.test_no_violation: PASS (3.084825ms)
data.cis_1_2_6.test_no_violation_02: PASS (2.600206ms)
data.cis_1_2_7.test_violation: PASS (4.697492ms)
data.cis_1_2_7.test_no_violation: PASS (1.621366ms)
data.cis_1_2_7.test_no_violation_02: PASS (671.227µs)
data.cis_1_2_8.test_violation: PASS (2.051583ms)
data.cis_1_2_8.test_no_violation: PASS (1.762971ms)
data.cis_1_2_8.test_no_violatio_02: PASS (1.71337ms)
data.cis_1_2_8.test_no_violation_03: PASS (656.627µs)
data.cis_1_2_9.test_violation: PASS (2.116287ms)
data.cis_1_2_9.test_no_violation: PASS (1.71037ms)
data.cis_1_2_9.test_no_violatio_02: PASS (1.71587ms)
data.cis_1_2_9.test_no_violation_03: PASS (667.228µs)
data.cis_1_3_1.test_violation: PASS (4.617688ms)
data.cis_1_3_1.test_violation_02: PASS (6.723573ms)
data.cis_1_3_1.test_no_violation: PASS (1.71647ms)
data.cis_1_3_1.test_no_violation_02: PASS (657.027µs)
data.cis_1_3_2.test_violation: PASS (1.916478ms)
data.cis_1_3_2.test_no_violation: PASS (2.094285ms)
data.cis_1_3_2.test_no_violation_02: PASS (856.735µs)
data.cis_1_3_3.test_violation: PASS (2.19209ms)
data.cis_1_3_3.test_violation_02: PASS (1.95808ms)
data.cis_1_3_3.test_no_violation: PASS (1.722471ms)
data.cis_1_3_3.test_no_violation_02: PASS (712.129µs)
data.cis_1_3_4.test_violation: PASS (1.642666ms)
data.cis_1_3_4.test_no_violation: PASS (1.312153ms)
data.cis_1_3_4.test_no_violation_02: PASS (1.426458ms)
data.cis_1_3_5.test_violation: PASS (5.65283ms)
data.cis_1_3_5.test_no_violation: PASS (1.344555ms)
data.cis_1_3_5.test_no_violation_02: PASS (652.327µs)
data.cis_1_3_6.test_violation: PASS (2.539303ms)
data.cis_1_3_6.test_violation_02: PASS (2.076584ms)
data.cis_1_3_6.test_violation_03: PASS (1.952079ms)
data.cis_1_3_6.test_no_violation: PASS (1.791573ms)
data.cis_1_3_6.test_no_violation_02: PASS (693.028µs)
data.cis_1_3_7.test_violation: PASS (2.183389ms)
data.cis_1_3_7.test_no_violation: PASS (1.748771ms)
data.cis_1_3_7.test_no_violation_02: PASS (678.928µs)
data.cis_1_4_1.test_violation: PASS (1.912278ms)
data.cis_1_4_1.test_no_violation: PASS (5.113109ms)
data.cis_1_4_1.test_no_violation_02: PASS (2.092985ms)
data.cis_1_4_2.test_violation: PASS (3.268433ms)
data.cis_1_4_2.test_no_violation: PASS (1.738771ms)
data.cis_1_4_2.test_no_violation_02: PASS (670.527µs)
data.cis_2_1.test_violation: PASS (3.533644ms)
data.cis_2_1.test_violation_2: PASS (3.287534ms)
data.cis_2_1.test_violation_3: PASS (3.258632ms)
data.cis_2_1.test_no_violation: PASS (2.893918ms)
data.cis_2_1.test_no_violation#01: PASS (881.436µs)
data.cis_2_2.test_violation: PASS (2.150087ms)
data.cis_2_2.test_no_violation: PASS (3.611747ms)
data.cis_2_2.test_no_violation_02: PASS (1.617166ms)
data.cis_2_3.test_violation: PASS (4.026363ms)
data.cis_2_3.test_no_violation: PASS (1.745371ms)
data.cis_2_3.test_no_violation_02: PASS (678.228µs)
data.cis_2_4.test_violation: PASS (3.605547ms)
data.cis_2_4.test_violation_2: PASS (3.67015ms)
data.cis_2_4.test_violation_3: PASS (3.405139ms)
data.cis_2_4.test_no_violation: PASS (3.014023ms)
data.cis_2_4.test_no_violation#01: PASS (854.635µs)
data.cis_2_5.test_violation: PASS (2.181989ms)
data.cis_2_5.test_no_violation: PASS (1.749471ms)
data.cis_2_5.test_no_violation_02: PASS (687.128µs)
data.cis_2_6.test_violation: PASS (7.040487ms)
data.cis_2_6.test_no_violation: PASS (4.627988ms)
data.cis_2_6.test_no_violation_02: PASS (700.229µs)
data.cis_2_7.test_violation: PASS (2.284694ms)
data.cis_2_7.test_no_violation: PASS (1.72197ms)
data.cis_2_7.test_no_violation_02: PASS (693.228µs)
data.cis_5_1_1.test_violation: PASS (821.033µs)
data.cis_5_1_1.test_violation_2: PASS (872.336µs)
data.cis_5_1_1.test_no_violation: PASS (736.631µs)
data.cis_5_1_1.test_no_violation_2: PASS (731.23µs)
data.cis_5_1_1.test_no_violation_3: PASS (723.63µs)
data.cis_5_1_1.test_no_violation_4: PASS (712.129µs)
data.cis_5_1_2.test_violation: PASS (1.327954ms)
data.cis_5_1_2.test_violation_2: PASS (1.280953ms)
data.cis_5_1_2.test_violation_3: PASS (1.273652ms)
data.cis_5_1_2.test_violation_4: PASS (1.45766ms)
data.cis_5_1_2.test_violation_5: PASS (1.344755ms)
data.cis_5_1_2.test_no_violation: PASS (869.335µs)
data.cis_5_1_2.test_no_violation_2: PASS (1.048342ms)
data.cis_5_1_2.test_no_violation_3: PASS (1.129546ms)
data.cis_5_1_2.test_no_violation_4: PASS (1.162047ms)
data.cis_5_1_2.test_no_violation_5: PASS (1.736171ms)
data.cis_5_1_3.test_violation: PASS (1.821774ms)
data.cis_5_1_3.test_violation#01: PASS (3.019623ms)
data.cis_5_1_3.test_violation#02: PASS (1.509062ms)
data.cis_5_1_3.test_violation#03: PASS (1.436059ms)
data.cis_5_1_3.test_violation#04: PASS (1.48226ms)
data.cis_5_1_3.test_violation#05: PASS (1.413258ms)
data.cis_5_1_3.test_no_violation: PASS (792.333µs)
data.cis_5_1_3.test_no_violation_2: PASS (777.032µs)
data.cis_5_1_5.test_violation: PASS (883.936µs)
data.cis_5_1_5.test_violation_2: PASS (858.435µs)
data.cis_5_1_5.test_no_violation: PASS (730.53µs)
data.cis_5_1_5.test_no_violation_2: PASS (762.832µs)
data.cis_5_1_5.test_violation_3: PASS (770.431µs)
data.cis_5_1_6.test_violation: PASS (1.180048ms)
data.cis_5_1_6.test_violation_2: PASS (1.139846ms)
data.cis_5_1_6.test_no_violation: PASS (1.021241ms)
data.cis_5_1_6.test_no_violation_2: PASS (1.028142ms)
data.cis_5_1_6.test_violation_3: PASS (1.020142ms)
data.cis_5_2_1.test_violation: PASS (1.036042ms)
data.cis_5_2_1.test_no_violation: PASS (876.136µs)
data.cis_5_2_2.test_violation: PASS (838.534µs)
data.cis_5_2_2.test_no_violation: PASS (685.328µs)
data.cis_5_2_3.test_violation: PASS (817.334µs)
data.cis_5_2_3.test_no_violation: PASS (666.327µs)
data.cis_5_2_4.test_violation: PASS (849.935µs)
data.cis_5_2_4.test_no_violation: PASS (655.627µs)
data.cis_5_2_5.test_violation: PASS (975.64µs)
data.cis_5_2_5.test_no_violation: PASS (1.008441ms)
data.cis_5_4_1.test_violation: PASS (1.115646ms)
data.cis_5_4_1.test_no_violation: PASS (1.010442ms)
data.cis_1_5_1.test_violation: PASS (2.504602ms)
data.cis_1_5_1.test_no_violation: PASS (3.324835ms)
data.cis_1_5_1.test_no_violation_02: PASS (6.206353ms)
data.containers_resources_limits_cpu.test_violation: PASS (1.521862ms)
data.containers_resources_limits_cpu.test_no_violation: PASS (1.264251ms)
data.containers_resources_limits_memory.test_violation: PASS (1.47376ms)
data.containers_resources_limits_memory.test_no_violation: PASS (1.506961ms)
data.containers_securitycontext_capabilities_add_index_sys_admim.test_violation: PASS (2.012982ms)
data.containers_securitycontext_capabilities_add_index_sys_admim.test_no_violation: PASS (1.284352ms)
data.containers_securitycontext_capabilities_drop_index_all.test_violation: PASS (1.106045ms)
data.containers_securitycontext_capabilities_drop_index_all.test_no_violation: PASS (951.139µs)
data.containers_securitycontext_privileged_true.test_violation: PASS (1.797574ms)
data.containers_securitycontext_privileged_true.test_no_violation: PASS (877.236µs)
data.containers_securitycontext_readonlyrootfilesystem_true.test_violation: PASS (1.23605ms)
data.containers_securitycontext_readonlyrootfilesystem_true.test_no_violation: PASS (1.075444ms)
data.containers_securitycontext_runasnonroot_true.test_violation: PASS (1.077244ms)
data.containers_securitycontext_runasnonroot_true.test_no_violation: PASS (921.837µs)
data.maicontainers_securitycontext_runasuser.test_violation: PASS (1.183048ms)
data.maicontainers_securitycontext_runasuser.test_no_violation: PASS (958.739µs)
data.spec_hostaliases.test_violation: PASS (860.135µs)
data.spec_hostaliases.test_no_violation: PASS (705.329µs)
data.spec_hostipc.test_violation: PASS (844.235µs)
data.spec_hostipc.test_no_violation: PASS (714.029µs)
data.spec_hostnetwork.test_violation: PASS (843.434µs)
data.spec_hostnetwork.test_no_violation: PASS (670.027µs)
data.spec_hostpid.test_violation: PASS (804.832µs)
data.spec_hostpid.test_no_violation: PASS (669.227µs)
data.spec_volumes_hostpath_path_var_run_docker_sock.test_violation: PASS (1.033542ms)
data.spec_volumes_hostpath_path_var_run_docker_sock.test_no_violation: PASS (862.835µs)
data.containers_image_tag.test_violation_1: PASS (1.085745ms)
data.containers_image_tag.test_violation_2: PASS (1.064744ms)
data.containers_image_tag.test_no_violation: PASS (898.037µs)
data.containers_securitycontext_allowprivilegedeescalation_true.test_violation: PASS (1.098845ms)
data.containers_securitycontext_allowprivilegedeescalation_true.test_no_violation: PASS (900.036µs)
--------------------------------------------------------------------------------
PASS: 200/200